It is common for computer users to connect to a large mainframe computer to get computer services. The user has a “dumb” terminal (a keyboard and a display but no processor “brain”) connect to the mainframe computer over a telephone line. The user's “dumb terminal” calls up the mainframe and establishes an on-line connection. The mainframe does all the computer processing, and sends the results down the telephone line for display on the user's display. The user is often charged a fee based on the amount of time he is connected to the mainframe.
Many people now have personal computers in their homes and businesses. These “stand-alone” personal computers have taken over the marketplace, and now most computing is done locally within the box that sits in front of the user. This is possible because these personal computers are self-contained units that have their own powerful internal processor “brain,” memory and mass storage. Since they can do most computing locally, most computing tasks can be carried out without connecting to another computer over a telephone line.
Even though most computing can be done locally on a personal computer, there is often a need to share information between computers. For example, one computer user may wish to send an electronic mail message (“Email”) to another computer user. Similarly, a computer user may want to retrieve a file he (or someone else) previously stored on another computer.
The simplest way to transfer information between computers is to have one of the computers write the information onto a storage device (e.g., a floppy diskette or magnetic tape). This storage device is then physically carried to the other computer, which reads the information. While this approach is simple and low in cost, it is often inconvenient to carry or send a physical storage device to the computer that wants to read the information. In addition, it may take too long to physically move the storage device (e.g., suppose that the two computers are in different states or even in different countries).
Because computer users often demand instantaneous sharing of computer information and cannot wait for someone to send them a floppy disk containing the information, various “on-line” personal computer connections have become popular. The computer user can connect a “modem” (a kind of data transmitter and receiver) between his computer and his telephone line. The computer controls the modem to automatically call the telephone number of another computer, which also has a similar modem connected between it and the telephone line. The two computers can “talk” to one another over the telephone line, and can exchange all sorts of information such as files, Email, and computer programs.
An entire industry of “information providers” (also referred to as “on-line services”) has been created to support the need for computers to share information. These information providers automatically answer telephone calls placed by user's computers, automatically respond to information requests, and provide the information over the telephone line to the calling computer. Compuserve, Prodigy and America On-line are all examples of information providers. A computer user can use these on-line services to do useful things such as place a computer want ad, read electronic mail messages, download a new video game program, scan the news wires, get a stock quote, and conference with other computer users about his favorite hobby. The information providers require the user to pay a fee each month. This fee can be a flat, unlimited use fee, or it can be based on the amount of connection time. The user's credit card number is often on record, and his credit card is automatically charged every month.
The information provider maintains a “host” computer system (e.g., a large “mainframe” computer) that automatically answers the incoming call. When a user requests a function to be performed by the information provider, software is run on the host computer system to satisfy the request. Results can be stored on the host for later review or file transfer to the remote personal computer. The user's computer uses “file transfer protocols” and “workstation capture buffer” to receive the data. However, just like with prior “dumb” terminals, user interaction with the host computer system is with the user's personal computer acting as a workstation display terminal. The user is limited to keyboard input and displayed output.
There are also certain products that allow one personal computer to remotely access another personal computer and/or resources connected to the other personal computer. For example, a product known as “PC Anywhere” involves loading software onto two personal computers: the “master” personal computer to be accessed, and the “remote” personal computer that will be doing the remote accessing. The software allows an on-line, real time link to be established via modems and a telecommunications link between the master and the remote. All user inputs (e.g., keyboard and mouse commands) inputted at the remote are passed to the master, and all display outputs (e.g, screen driver inputs) are passed from the master to the remote. The processor of the remote simply passes this information back and forth without doing any other substantive processing on it. Moreover, the on-line session takes control of the remote computer (at least in a single tasking environment) and does not allow the remote user to access other resources of his remote computer. This “PC Anywhere” technique thus allows the remote computer to access all resources (e.g., connections to a minicomputer) that the master can access, but does not permit any substantial degree of co-processing. In other words, the remote personal computer thus acts like a “dumb” terminal, with the master doing all of the substantive processing.
So-called “Bulletin Board” systems also provide on-line services to PC users. These systems typically consist of a dedicated personal computer with a large hard disk to store the software and messages collected from various users. These systems are suitable for sending and retrieving messages, bulletins, programs, and other uses like a forwarding point for customer orders, remote site data collection, software distribution, or on-line product support services. Limited hardware and software costs for these systems has made them a cost effective solution for certain business needs. More frequently, they are used by individuals to send and receive programs and messages. The biggest limitations to these systems are their lack of security controls and their limited capabilities (and corresponding susceptibility to overload) when operated in a multi-user and multi-tasking environment. Bulletin Board systems are also renowned for spreading computer viruses (see discussion below) particularly because virus coders can easily upload their infected programs anonymously.
Another way computer users commonly share information is by logging onto the “Internet,” a worldwide network of computers connected together. Nearly every university and many other organizations in the United States have connected their computer systems to the Internet. The Internet is commonly used to transfer electronic mail and files between computers. However, some “server” computers on the Internet also provide automatic computing capabilities to remote users. For example, it is possible to send an electronic mail “request” that a particular “server” computer automatically responds to by sending a electronic mail “reply” containing the requested information. A simple example is for a server to reply to a request by sending a text message or file. On a more complex scale, so-called “Archie” servers can automatically perform a database search based on the request, and send back a list of records that meet the search criteria. It is also possible to send programs from a less powerful computer to a more powerful computer, having the more powerful computer execute the program to generate an output file, and then return the output file to the less powerful computer for review and analysis. A wealth of publications and articles are available that provide much more information about the “Internet” and the so-called “Information Highway.”
The Internet is similar to a LAN/WAN in that it was designed to allow many computers of differing types to interconnect and exchange information and programs. The Internet is used to allow computers to interconnect with other computers of similar or different type to exchange information and access programs. Typical access to the Internet is by monthly fee paid to a provider for access. A typical fee might be $200 a month for unlimited access and 50 megabytes of download capabilities. Additional data downloaded would be provided on a per megabtye basis. Other commercial providers on the Internet may charge by the minute for access to their system. An on-line service as described in the exemplary embodiment of this invention could become a commercial provider on the Internet.
Many users connect to the Internet using a protocol called “SLIP” which allows a personal computer to operate as a “dumb terminal” for access to information and services. The Internet provides several layers of access available to remote users. The mail layer allows the exchange of mail between remote system users. The news layer provides various news information typically related to computers such as a new virus loose, or new release information on an upcoming system or hardware product. Telnet is used to provide remote log-on into other remote systems connected to the Internet. NFS (Network File System), RFS (Remote File System) are used to set aside at least a portion of the local system to be available as a file system on the network. Drives on a remote system defined using NFS and RFS are available for mounting by other remote systems on the Internet. Anonymous FTP (File Transfer Protocol) is also available on the Internet to access files residing on a remote system. PPC is also used to provide interconnection between a remote system and the Internet. PPC allows a remote system to be defined by the Internet with a node and is thus assigned a unique address within the Internet system to allow other remote systems to access the remote system defined using PPC.
One problem with the Internet is that a local computer can directly access the resources of another computer, thus allowing a local computer to introduce a boot sector virus, for instance, on the system disk of a remote computer such that the remote computer will become infected the next time the remote computer is booted. NFS and RFS do utilize security controls to set the discretionary (public access as set by user) and mandatory (secured access defined through system maintained security attributes for each object on the system) controls when making a local file system available to the network. A remote user with proper authorities, however, still has direct access to the remote system's storage, however, and so the opportunity exists to transport unwanted data and programs to the remote system. This problem has cause serious consequences in the past (e.g., in 1988 a WORM virus spread throughout the Internet and infected many computers).
“Local area networks” (LANS) are another common way to interconnect computers. Many businesses now store most or all of their important data on a special shared personal computer called a “file server.” User computers access the shared file server over a high-speed data network called a “local area network” (LAN) or a “wide area network” (WAN). Briefly, a “local area network” interconnects data equipment within a limited geographical area, allowing user computers to communicate with each other and to share central resources such as printers, data storage, and long distance data communications. LANs are typically interconnected with coaxial copper cable, unshielded twisted pair cable, or fiber optics. Using a LAN to inter-connect computers provides a more efficient and faster means for data transfer than traditional file transfer methods. All users on a LAN can share resources such as printers, storage devices, and telecommunication links to limit costs associated with duplication of data and equipment. A LAN can also improve business functions with interconnected workstations accessing electronic mail and various shared applications such as customer service inquiry.
As an example of using a LAN to share information, suppose a user wants to edit a word processing document stored on the shared file server. The user's computer sends an electronic request for the document over the local area network. The file server receives the request, processes it, and sends the requested document over the network in an electronic message addressed to the user's computer. The user's computer then loads the document into its internal memory for editing. Once edited, the user's computer can store the document locally (e.g., on the user's computer's hard disk or floppy disk drive), or it can write the edited document back to the file server over the network where it can later be retrieved by the same or different user.
The biggest problem with a LAN in today's world is that the user transparently directly accesses resources on a different computer. This leaves open the possibility that a computer “virus” can proliferate without user knowledge and with limited detection capabilities. A computer “virus” is a special kind of computer program that takes over the operation of a computer. Computers can “catch” viruses by receiving executable computer programs from other computers. Some viruses command the infected computer to destroy all stored information. Other viruses are less harmful, but all viruses are potentially damaging in terms of wasting computer resources and annoying computer users. Virus protection software can be loaded onto computers to protect them from virus infections. Unfortunately, this anti-viral software can only protect against the particular types of viruses the software is programmed to recognize and/or behavior common to viruses. A new “strain” of computer virus can entirely escape detection. Therefore, it is necessary to update virus protection software with new versions as often as possible. This becomes expensive and time consuming, and it often becomes an administrative problem to ensure that updates are regularly applied.
Some personal computer users are able to establish connections with minicomputers such as IBM's AS/400 system and its predecessor system the IBM System 36 and System 38. The AS/400, IBM's mid-range computer system, has been successfully marketed by IBM to a wide variety of medium size businesses such as banks and law firms. Although IBM's AS/400 system is typically referred to as a “mid-range” computer, the larger models supporting more than one thousand simultaneous users are actually “mainframes” from the standpoint of storage and processing capabilities. Because personal computers are so common, IBM has developed some sophisticated “PC Support” techniques for allowing local and remote personal computers to “attach” to the IBM AS/400 minicomputer as workstations and also to send and retrieve files and other information.
IBM also introduced a “Virtual Disk” function as part of its “PC Support.” This function allows users to access personal computer programs and information by accessing the mini computer as if it were a locally-attached personal computer disk drive. Thus, the minicomputer simulates a local disk drive with a “virtual” or “simulated” disk that actually comprises hardware and software resources of the mid-range computer. In other words, the mid-range computer when attached to the personal computer “looks like” a local disk drive to the personal computer. The personal computer “thinks” it is writing to a locally attached disk drive when actually its data is going through a communications (e.g., telephone) line and gets stored in the memory and/or hard disk of the minicomputer.
Because the personal computer is “fooled” into thinking that the minicomputer “virtual disk” resource is a locally attached disk drive, no significant changes to personal computer hardware and software are needed to interface the personal computer with the minicomputer. For example, it becomes possible for a standard off-the-shelf software program such as Lotus 1-2-3 or WordPerfect to, without modification, read from and write to the disk of the minicomputer. IBM has also provided a “virtual printer” facility that allows personal computers to write to printers attached to the minicomputer while “thinking” they are writing to a locally attached printer.
To install or update the “PC Support” software on a personal computer (“PC”), the user establishes an on-line session between the PC and the IBM minicomputer using special “bootup” software. This bootup software attaches, to the PC, a host virtual disk drive containing the current version of the PC Support software. The software then may be copied from the virtual disk onto the personal computer's local hard disk drive. Alternatively, the personal computer can execute the PC support software from the virtual disk.
When IBM introduced the AS/400, the “Virtual Disk” function was enhanced with the “Shared Folder” function. Shared folders typically contain various different types of files, such as: PC files (both programs and data), text documents (accessible by AS/400 and PC word processors), mail, and data created with Office Vision/400. Personal computer files maintained in a folder are stored in PC format just like PC files. When PC files are stored in a shared folder, the information can be shared by other personal computer users.
In one configuration, the IBM AS/400 can be used with dial-up telephone lines to attach “virtual disks” to remotely located personal computers. Modems are used to provide an interface between the AS/400 and standard dial-up telephone lines. The modems connect to a “communications controller” interface board within the AS/400. This “communications controller” board translates the data streams between the modem and the AS/400. Using these techniques, it is possible to have a remote personal computer call up the AS/400 over a dial up telephone line and attach to a “virtual disk” provided by the AS/400 (this requires both the remote personal computer and the AS/400 to run appropriate “PC Support” software). The personal computer assigns a drive designator (e.g., “E”) to the “virtual disk.” If the computer user commands the personal computer to write to the “C” drive, the personal computer will write the information to the local PC hard disk. If the computer user, on the other hand, commands the personal computer to write to the “E” (virtual) disk drive, the personal computer “thinks” it is writing to a locally attached “E” disk but is instead sending its data over the telephone line for storage in the AS/400. Reading from the “E” drive retrieves files from the AS/400. The reader is referred to the IBM documentation concerning this function, and in particular, the “PC Support” manuals relating to the IBM System/36, System/38 and AS/400. See also IBM manuals relating to TCP/IP for the IBM RISC 6000 describing the “mount” command supported under the AIX operating system.
File serving in an AS/400 environment provides added anti-viral protection because a user's personal computer never directly addresses another personal computer. Each personal computer can simultaneously access host peripherals, but it cannot directly access another personal computer through the AS/400 using standard DOS interaction. Each personal computer data request is intercepted by PC Support Router software which translates device access into workstation requests. Although a virus can be sent to and retrieved from the host system as part of a program, the virus cannot spread on its own while it is stored on the host. Furthermore, the AS/400 does not execute code stored on virtual disks. PC code does not execute in the AS/400 processor because the AS/400 operating system is different from a personal computer operating system. Moreover, one of the most dangerous types of viruses known as “boot sector viruses” (executable code stored in a “boot sector” of a physical disk drive to provide drive information for the disk to be addressed) cannot be appended to a host drive because host drives are AS/400 objects (files) accessed solely by a router to satisfy various PC requests.
The following is a non-exhaustive but somewhat representative listing of additional prior-issued patents, publications and advertisements related to on-line virtual device computer services and/or virtual devices:
4,649,47903/87Advani et al.4,982,32401/91McConaughy et al.5,023,77406/91Sakai et al.5,107,45604/92Schuur5,109,51504/92Laggis et al.    S. Armbrust et al., PC Tech Journal, Vol. 3, No. 9, “Forward Looking VDI,” September 1985, pp 42–53    E. R. Carpenter, IBM Technical Disclosure Bulletin, Vol. 34, No. 10B, “Single System Image With Network File System,” IBM Corp., March 1992, pp 408–409    M. Tabes, Datamation, “Managing Storage Across the Enterprise,” May 1992, pp 36–40    P. Korzeniowski, Software Magazine, “Back to the Mainframe For Storage of LAN Data,” July 1992, pp 73–77    Mark Ludwig, The Little Black Book of Computer Viruses, American Eagle publications, 1991, pp. 11–19, 23–29, 55–68, 69–76, 159–162    R. Waterman, Software Magazine, “Waiting for X500,” July 1992, 2 pages    R. Brown, Systems 3X/400, “Serving Many Masters,” March 1992, pp 68–70    PC Computing, “Test and Evaluation Methods,” June 1992, pp 238, 240, 247–248 and 262    Advertisement, “Data Rx,” 1 page    Price list, “Tape Backup,” 1 page    Advertisement, “Let's Talk®, Tired of the Runaround?,” 1 page    Advertisement, “PC/TCP® Plus,” 1 page    Advertisement, News 3X/400, “Mimix Hi-Net, Lakeview Technology Inc.,” September 1991, p 140    Advertisement, Network Innovation, “Server Based Backup,” 1 page    Advertisement, News 3X/400, “PC File Mail,” November 1991, p 74    Advertisement, “HandsOn Software, Monarch 36/400J lets PC users get their hands on mid-range data,” 1 page    Advertisement, Andrew, “NetLynx™: LAN Connectivity by the Numbers,” 1 page    Advertisement, “Innovation® Data Processing, FDR. Your DASD Management System,” 1 page    Advertisement, “Maynard®, Maynard Delivers a Super Bundle,” 1 page    Advertisement, “Central Point Software Inc.®, Never Underestimate the Importance of Complete Protection,” 1 page    Advertisement, Business Communications, Gazelle, “Backup While You Work,” June 1992, p. 436    Advertisement, “Works,” 1 page    Advertisement, “Intel®, Introducing fax software that can send, receive and run with your faxes, 1 page    Advertisement, “LapLink, With LapLink you're only a phone call away,” 1 page    M. Tischer, PC Systems Programming, Abacus, April 1993, pp. 157–171, 208–12, Appendix B and C    Robert Jourdan, Programers Problem Solver, Prentice Hall, 1986, pp. 369–394, 395–406    The Waite Group, MS-DOS Developers Guide, Howard Sams & Co., 1989, pp. 281–354, 583, 739–748    Advertisement, PC/Computing, “Control up to 96 PC file servers with 1 keyboard and monitor using . . . Commander by cybex, p 433    Advertisement, PC/Computing, “SequeLink™, MiddleWare™: Open Windows for Client/Server Computing,” p 427    Advertisement, “System Software Associates, Inc., BPCS Client/Server Application Software, 1 page    Advertisement, “Rochester Software Connection, Inc., What's fast, fun and does the AS/400?” 1 page
One of the greatest limitations to existing on-line services is that no provisions are available to execute host based software on the remote user's system directly or for a user's locally executing application to directly access storage on the host system. The present invention provides an on-line service and associated equipment which solves these and other problems.
A presently preferred exemplary embodiment of this invention provides the following advantageous features:                A multi-user host provides a wide variety of on-line services to a plurality of remote computers via virtual device attachment.        Virtual peripheral devices are attached to the remote customer computer via an on-line, temporary telecommunications link (e.g., a dial up telephone line) in the context of an on-line service.        Customers can load executable code stored on host virtual devices directly into customer or “replica” server memory for execution without file transfer.        Device drivers executed by the customer computer automatically manage I/O requests to replica server and host virtual devices as though they were locally attached devices.        An automated recovery feature periodically (e.g., incrementally) archives the customer computer mass storage data onto a host “virtual disk drive.” When recovery is necessary (e.g., due to failure of the local mass storage device), the customer computer may be initiated using a special boot diskette to boot the computer and automatically attach to the host virtual disk—thereby permitting the customer computer to operate essentially normally despite the failure of its local mass storage device.        Software distribution can be provided on two levels. “Execute only” access to an executable program stored on host-provided virtual storage allows the user to run the program from time to time and/or permit the user to try the software out to determine whether a local copy is needed. Execute only access loads directly into the customer computer or replica server memory without creating an intermediate disk copy. Upon paying a fee, the user is granted copy access to permit downloading the file onto the customer computer local mass storage.        Virtual storage device access includes automatic anti-virus detection in real time. The most recent anti-virus software releases are provided so that new virus strains will be detected while relieving the user from having to constantly update anti-virus software.        Unattended access/attachment to the host (e.g., at a scheduled time during off peak hours) performs routine tasks such as incremental backup/archiving.        Automatic diagnostic capabilities inform the customer about hardware and/or software problems with their computer.        The host may route information between users and/or physical or virtual devices (e.g., to permit multiple users to have shared access to a common database, or customers to move information from one computer to another).        On-line virtual output facilities such as production printing, facsimile, and electronic mail can be economically provided on a “pay as you go” basis.        The host provides automatic billing capabilities and security facilities.        User authorization to access the host may be granted by a “sign-up” system. The “sign-up” system may create a configuration file including password and other access information, and download the file to the user's workstation. Initial charges may be collected via a user-supplied credit card number. Alternatively, access to the “sign-up” system may be via a “special pay” telephone number (900) such that compensation is received by the service provider from the user via the telephone company billing system.        A sophisticated signal process.        A dialing pattern sent to a customer computer (e.g., a certain number of calls, certain number of rings each call, a certain wait period between each call) triggers the customer computer modem to switch into answer mode. Upon answer, an access code is optionally sent to the customer's computer that identifies a reason for the host call (i.e., dial back verification, host task completed on behalf of customer, mail or data waiting for download to customer, etc.). The host computer flags a customer record indicating the customer computer answered at the appropriate time (dialing pattern match), thereby allowing the customer computer to access the host. A Customer Signal file is used to queue the dial-up requests. This allows the host to trigger the customer to call the host when needed, and also allows the customer to be certain that only his computer can access the service. When the customer calls the service first, the service hangs up and queues a dialing pattern to be sent to the customer. Only when the customer computer answers after a certain dialing pattern will the host computer allow the customer entry. The customer accesses the service, but only after the host flags a dialing pattern match. If the host dials the customer first and gets a pattern match, then the customer can access the system immediately without this dialback sequence.        A computer of similar type to the customer (Off-line “Replica” Computer) performs tasks that require an identical processor type to the customer, thus freeing the customer computer to perform other activities. Request data is written by the customer and read by the Replica computer to perform these tasks. The Replica computer task has access to data secured by the user but available only to the customer and the replica task (i.e., routing disks, etc.). Prompts and information are supplied before the request is queued, and the replica computer automatically enters the necessary keystrokes to achieve the task using the prompted information stored with the request data. A Replica Request file is used for the data.        A 900 area code phone number is used for pay access to services.        A customer processor executes commands from the host. All requests for services are initiated by a host command that in turn may execute a customer computer processor command.        Host based anti-viral programs are loaded and executed in the customer processor to protect access to programs and data.        Virtual devices to allow the execution of host based software within the customer processor.        Host Request information maintained in a Host Request File causes commands to execute on the host which may in turn cause commands to execute within the customer processor.        A host based controlling command for each service option and a router security intercept program which track the start and end time for billing purposes whenever a command executes within the customer processor.        Media, documents and the like can be converted by using a replica of the customer's computer running translation or conversion software against data stored in virtual devices by the customer.        The service allows customer access to on-line service data by the customer computer processor by attaching to the data as a virtual drive.        Data and programs can be rented by using a host control program to restrict attachment to virtual disks holding the data and programs. A host command is used to direct the router to initiate execution of a specified program in the customer's processor.        Data and programs can be purchased/licensed by moving them from a restricted virtual disk to a virtual disk created for and owned by the customer using a host control program.        Automated release update services maintain a table of software owned by the customer that is allowed to be updated. Release update data and programs can be transferred from a restricted virtual disk to the customer computer disks or virtual disks using a host control program.        A security program verifies types of access to restricted virtual devices attached by a control program but currently accessed by a program executing within the customer's processor.        Control information is transferred between the host computer and the customer computer to manage on-line service requests.        A host controlling program executes programs in both the host processor and customer processor separately or at the same time within a given process to achieve desired results.        Programs residing on the host system but executed within the customer processor are executed as though they are directly available to the customer computer operating system using a host control program.        In the case of on-line service access via special charge telephone numbers, Telco's use On-line Service billing time and access charges to assess fees which appear on the customer's Telco statement.        Request completion information is maintained on the host. This information is displayed to the customer on subsequent accesses, or the customer is alerted of a completion by sending a dialing pattern and access code to identify the type of message or trigger the customer computer to call the on-line service.        The customer computer automated access program can identify a lockup condition and break out of the task to continue with additional requests.        The host computer identifies a lockup condition and cancels the program or session to allow the customer computer to continue with additional requests.        